ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilAuthBase.php
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
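/**
 * Base class for all PEAR and ILIAS auth classes.
 *
 * Registers the login, failed-login, check-auth and logout callbacks and,
 * once the storage container has accepted a login, applies the per-account
 * checks: active flag, time limit, client IP restriction and the
 * simultaneous-login setting.
 *
 * NOTE(review): members used here but not declared in this class ($storage,
 * $status, $enableLogging, setLoginCallback(), attachLogObserver(), ...) are
 * presumably provided by the concrete auth class - confirm.
 *
 * NOTE(review): the rendered listing this class was taken from omits some
 * source lines. Every statement marked "restored" below fills one such gap
 * from the surrounding code and the ILIAS helper it evidently calls; verify
 * each against the repository before relying on it.
 */
abstract class ilAuthBase
{
    // Used for SOAP Auth
    // TODO: Find another solution
    protected $sub_status = null;

    /**
     * Get sub status.
     *
     * @return mixed value last passed to setSubStatus(), null by default
     */
    public function getSubStatus()
    {
        return $this->sub_status;
    }

    /**
     * Set sub status.
     *
     * @param mixed $a_sub_status
     */
    public function setSubStatus($a_sub_status)
    {
        $this->sub_status = $a_sub_status;
    }

    /**
     * Returns true if the current auth mode allows redirects, e.g. to the
     * login screen or the public section. This base implementation always
     * allows them.
     *
     * @return bool
     */
    public function supportsRedirects()
    {
        return true;
    }

    /**
     * Get container object.
     *
     * @return object the storage container held in $this->storage
     */
    final public function getContainer()
    {
        return $this->storage;
    }

    /**
     * Init auth object: enable logging, set callbacks and attach the log
     * observer.
     */
    final protected function initAuth()
    {
        ilSessionControl::initSession(); // restored

        $this->enableLogging = true;

        if ($this->enableLogging) {
            ilLoggerFactory::getLogger('auth')->debug('Init callbacks');
        }
        $this->setLoginCallback(array($this, 'loginObserver'));
        $this->setFailedLoginCallback(array($this, 'failedLoginObserver'));
        $this->setCheckAuthCallback(array($this, 'checkAuthObserver'));
        $this->setLogoutCallback(array($this, 'logoutObserver'));

        include_once('Services/Authentication/classes/class.ilAuthLogObserver.php');
        $this->attachLogObserver(new ilAuthLogObserver(AUTH_LOG_DEBUG));
    }

    /**
     * Test a remote address against an account's client IP restriction.
     *
     * The restriction is a comma-separated list of address patterns in which
     * "?" stands for one digit and "*" for any run of digits. The alternatives
     * are wrapped in a group so that "^" and "$" apply to every one of them.
     * Without the group, "a,b" compiles to /^a|b$/, which accepts any address
     * that merely starts with "a" or ends with "b", and a stray trailing comma
     * accepts every address.
     *
     * Everything except digits and ". ? * , :" is stripped first, so the hex
     * letters of an IPv6 address are removed and such restrictions cannot be
     * expressed faithfully here.
     *
     * @param string $a_pattern     restriction stored on the user account
     * @param string $a_remote_addr address to test
     * @return bool true only if one alternative matches the whole address
     */
    private static function clientIpMatches($a_pattern, $a_remote_addr)
    {
        $pattern = preg_replace("/[^0-9.?*,:]+/", "", $a_pattern);
        $pattern = str_replace(".", "\\.", $pattern);
        $pattern = str_replace(array("?", "*", ","), array("[0-9]", "[0-9]*", "|"), $pattern);

        // A preg_match() error (false) is treated as "no match", i.e. denied.
        return preg_match("/^(?:" . $pattern . ")$/", $a_remote_addr) === 1;
    }

    /**
     * Called after successful login.
     *
     * Runs only if the container's own loginObserver() accepts the login.
     * For non-anonymous accounts the extended checks below each set
     * $this->status, call $a_auth->logout() and return on failure.
     *
     * @param string $a_username
     * @param object $a_auth auth object; getUsername() and logout() are used
     */
    protected function loginObserver($a_username, $a_auth)
    {
        global $DIC;

        $ilLog = $DIC['ilLog'];
        $ilAppEventHandler = $DIC['ilAppEventHandler'];
        $ilSetting = $DIC['ilSetting'];

        if ($this->getContainer()->loginObserver($a_username, $a_auth)) {
            // validate user
            include_once "Services/User/classes/class.ilObjUser.php";
            $user_id = ilObjUser::_loginExists($a_auth->getUsername());
            if ($user_id != ANONYMOUS_USER_ID) {
                $user = new ilObjUser($user_id);

                // check if profile is complete
                include_once "Services/User/classes/class.ilUserProfile.php";
                if (ilUserProfile::isProfileIncomplete($user)) { // restored
                    $user->setProfileIncomplete(true);
                    $user->update();
                }

                // --- extended user validation
                //
                // we only have a single status, so abort after each one
                // order from highest priority to lowest

                // active?
                if (!$user->getActive()) {
                    $this->status = AUTH_USER_INACTIVE;
                    $a_auth->logout();
                    return;
                }

                // time limit
                if (!$user->checkTimeLimit()) {
                    $this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
                    // #16327
                    $this->exceeded_user_name = $this->getUserName();
                    $a_auth->logout();
                    return;
                }

                // check client ip
                // REMOTE_ADDR is the peer of the connection; behind a reverse
                // proxy that is the proxy itself, so the restriction is only
                // meaningful where the web server sees the real client address.
                $clientip = $user->getClientIP();
                if (trim($clientip) != "" &&
                    !self::clientIpMatches($clientip, $_SERVER["REMOTE_ADDR"])) {
                    $this->status = AUTH_USER_WRONG_IP;
                    $a_auth->logout();
                    return;
                }

                // simultaneous login
                if ($ilSetting->get('ps_prevent_simultaneous_logins') &&
                    ilObjUser::hasActiveSession($user_id)) {
                    $this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
                    $a_auth->logout();
                    return;
                }

                include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
                ilOnlineTracking::addUser($user_id);

                include_once 'Modules/Forum/classes/class.ilObjForum.php';
                ilObjForum::_updateOldAccess($user_id); // restored

                require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
                $security_settings = ilSecuritySettings::_getInstance();

                // determine first login of user for setting an indicator
                // which still is available in PersonalDesktop, Repository, ...
                // (last login date is set to current date in next step)
                if ($security_settings->isPasswordChangeOnFirstLoginEnabled() &&
                    $user->getLastLogin() == null
                ) {
                    $user->resetLastPasswordChange();
                }

                $user->refreshLogin();

                // reset counter for failed logins
                ilObjUser::_resetLoginAttempts($user_id); // restored
            }

            // --- anonymous/registered user
            ilLoggerFactory::getLogger('auth')->info(
                'logged in as ' . $a_auth->getUsername() .
                ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
                ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
            );

            ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);

            $ilAppEventHandler->raise(
                'Services/Authentication',
                'afterLogin',
                array('username' => $a_auth->getUsername())
            );
        }
    }

    /**
     * Called after failed login.
     *
     * Logs the attempt, counts it against the account when the login name
     * resolves to a non-anonymous user, and then delegates to the container.
     *
     * @param string $a_username login name as submitted
     * @param object $a_auth
     * @return mixed result of the container's failedLoginObserver()
     */
    protected function failedLoginObserver($a_username, $a_auth)
    {
        global $DIC;

        $ilLog = $DIC['ilLog'];

        // NOTE(review): $a_username is whatever the client submitted and is
        // written to the log verbatim; confirm that the log handler
        // neutralises line breaks and control characters.
        ilLoggerFactory::getLogger('auth')->info(
            ': login failed for user ' . $a_username .
            ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
            ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
        );

        if ($a_username) {
            $usr_id = ilObjUser::_lookupId($a_username);
            if (!in_array($usr_id, array(ANONYMOUS_USER_ID))) {
                ilObjUser::_incrementLoginAttempts($usr_id); // restored
                $login_attempts = ilObjUser::_getLoginAttempts($usr_id);

                require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
                $security = ilSecuritySettings::_getInstance();
                $max_attempts = $security->getLoginMaxAttempts();

                // A max_attempts of 0 disables the threshold. Deactivation is
                // keyed on the login name alone, so repeated failures can lock
                // a legitimate user out; bursts of failures per account are
                // worth alerting on.
                if ((int) $max_attempts && $login_attempts >= $max_attempts) {
                    ilObjUser::_setUserInactive($usr_id); // restored
                }
            }
        }

        return $this->getContainer()->failedLoginObserver($a_username, $a_auth);
    }

    /**
     * Called after each check auth request; delegates to the container.
     *
     * @param string $a_username
     * @param object $a_auth
     * @return mixed result of the container's checkAuthObserver()
     */
    protected function checkAuthObserver($a_username, $a_auth)
    {
        return $this->getContainer()->checkAuthObserver($a_username, $a_auth);
    }

    /**
     * Called after logout.
     *
     * Logs the event, raises 'afterLogout' and delegates to the container.
     *
     * @param string $a_username
     * @param object $a_auth
     * @return mixed result of the container's logoutObserver()
     */
    protected function logoutObserver($a_username, $a_auth)
    {
        global $DIC;

        $ilLog = $DIC['ilLog'];
        $ilAppEventHandler = $DIC['ilAppEventHandler'];

        ilLoggerFactory::getLogger('auth')->info('Logout observer called for ' . $a_username);

        ilSessionControl::handleLogoutEvent(); // restored

        $ilAppEventHandler->raise(
            'Services/Authentication',
            'afterLogout',
            array('username' => $a_auth->getUsername())
        );

        return $this->getContainer()->logoutObserver($a_username, $a_auth);
    }

    /**
     * Get the user name recorded by loginObserver() when a login was rejected
     * because the account's time limit was exceeded.
     *
     * @return string|null
     */
    public function getExceededUserName()
    {
        return $this->exceeded_user_name; // restored
    }
}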